2919 matches found

Packet Storm
added 2021/01/20 12:0 a.m. | 184 views

Backdoor.Win32.Zxman Missing Authentication

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/6b2a9304d1c7a63365db0f9fd12d39b0.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zxman Vulnerability: Missing Authentication Description: Backdoor.Win32.Zxman by Zx-m...

Exploits 0
CNNVD
added 2021/01/15 12:0 a.m. | 2 views

Theonedev Onedev Code Issue Vulnerability

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev A security vulnerability...

CVSS 10 | AI score 7.3 | EPSS 0.54494
Exploits 0 | References 3
OSV
added 2021/01/13 10:15 p.m. | 1 views

CVE-2020-9143

There is a missing authentication vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability may lead to low-sensitive information exposure...

CVSS 5.3 | AI score 6.1 | EPSS 0.00654
Exploits 0 | References 1
CVE
added 2021/01/13 9:52 p.m. | 49 views

CVE-2020-9143

Technical details about CVE-2020-9143 are not publicly provided in the connected documents. Available sources reiterate a missing-auth vulnerability in Huawei smartphones with limited impact information; monitor for official updates or advisories.

CVSS 5.3 | AI score 5.2 | EPSS 0.00654
Exploits 0 | References 1 | Affected Software 2
CNNVD
added 2021/01/12 12:0 a.m. | 6 views

Multiple Sooil Product License Issue Vulnerabilities

Sooil Dana Diabecare RS and others are products of Sooil Korea. Sooil Dana Diabecare RS is a smart insulin pump with discrete remote control for medical use. Sooil Anydana-i is a mobile application that can be used to control the Sooil Dana Diabecare RS. Sooil Anydana-i is a mobile application that...

CVSS 5.7 | AI score 6.2 | EPSS 0.00262
Exploits 0 | References 3
ICS
added 2021/01/12 12:0 a.m. | 101 views

Siemens SCALANCE X Products (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X Products Vulnerabilities: Missing Authentication for Critical Function, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

CVSS 9.8 | AI score 9.3 | EPSS 0.01652
Exploits 0 | References 11
CNVD
added 2021/01/06 12:0 a.m. | 2 views

Crimson Critical Function Missing Authentication Vulnerability

Crimson is a programming software from Red Lion. Crimson suffers from a lack of authentication vulnerability in critical functions. An attacker could exploit this vulnerability to read and modify databases without authentication in the default configuration...

CVSS 9.1 | AI score 7 | EPSS 0.00882
Exploits 0 | References 1
ICS
added 2021/01/05 12:0 a.m. | 74 views

Red Lion Crimson 3.1

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Red Lion Equipment: Crimson 3.1 Vulnerabilities: NULL Pointer Dereference, Missing Authentication for Critical Function, Improper Resource Shutdown or Release 2. RISK EVALUATION Successful...

CVSS 9.1 | AI score 7.4 | EPSS 0.01715
Exploits 0 | References 5
BDU FSTEC
added 2020/12/22 12:0 a.m. | 2 views

The vulnerability of the SAP ERP HCM workforce management software lies in the lack of authentication, which allows attackers to elevate their privileges.

The vulnerability of the SAP ERP HCM workforce management software is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

CVSS 5.5 | AI score 6.1 | EPSS 0.00709
Exploits 0 | References 3 | Affected Software 1
Veracode
added 2020/12/18 6:47 a.m. | 22 views

Missing Authentication Due To Incorrect Configuration

Apache Tomee openejb-core has missing authentication. The vulnerability exists due to an incomplete fix of CVE-2020-11969 where when embedded ActiveMQ broker with URI setting useJMX=true is used, it causes JMX port to open on TCP port 1099, which does not include authentication...

CVSS 9.8 | AI score 2.4 | EPSS 0.04115
Exploits 0 | References 5 | Affected Software 1
NVD
added 2020/12/11 1:15 a.m. | 23 views

CVE-2020-7540

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause unauthenticated command executio...

CVSS 9.8 | AI score 9.7 | EPSS 0.02144
Exploits 0 | References 1
Cvelist
added 2020/12/09 4:28 p.m. | 18 views

CVE-2020-26829

SAP NetWeaver AS JAVA P2P Cluster Communication, versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. ...

CVSS 10 | AI score 9.7 | EPSS 0.04708
Exploits 1 | References 4
ICS
added 2020/12/08 12:0 a.m. | 71 views

Schneider Electric Easergy T300

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Easergy T300 Vulnerability : Missing Authentication for Critical Function, Missing Authorization, Missing Encryption of Sensitive Data, Improper Restriction of Rendered UI Layers or Frames 2...

CVSS 9.8 | AI score 9 | EPSS 0.03032
Exploits 0 | References 4
NVD
added 2020/12/03 4:15 p.m. | 10 views

CVE-2020-28937

OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information PHI stored in the application, via a direct request for the /tests/ URI...

CVSS 7.5 | AI score 7.6 | EPSS 0.01321
Exploits 1 | References 1
CVE
added 2020/12/03 3:54 p.m. | 40 views

CVE-2020-28937

CVE-2020-28937 affects OpenClinic 0.8.2. A missing authentication issue allows unauthenticated users to access a patient’s medical test results via direct requests to the /tests/ URI, potentially exposing PHI. The vulnerability is highlighted in multiple sources (NVD entry, ThreatPost report) as ...

CVSS 7.5 | AI score 7.5 | EPSS 0.01321
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2020/12/03 3:54 p.m. | 14 views

CVE-2020-28937

OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information PHI stored in the application, via a direct request for the /tests/ URI...

AI score 7.6 | EPSS 0.01321
Exploits 1 | References 1
Gitee
added 2020/11/27 8:6 p.m. | 4 views

Exploit for Missing Authentication for Critical Function in Sap Netweaver_Application_Server_Java

PoC exploit for CVE-2020-6287, a vulnerability in SAP NetWeaver AS Java. The exploit targets the CTCWebService component, allowing an unauthenticated attacker to add a user with no administrator permission set. The vulnerability is present in the CTCWebServiceBean?wsdl endpoint, which is accessed...

CVSS 10 | AI score 9 | EPSS 0.94719
Exploits 6
OSV
added 2020/11/19 10:15 p.m. | 2 views

CVE-2020-7561

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

CVSS 9.8 | AI score 7.4
Exploits 0 | References 2
NVD
added 2020/11/19 10:15 p.m. | 11 views

CVE-2020-7561

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

CVSS 9.8 | AI score 9.6 | EPSS 0.03032
Exploits 0 | References 2
Prion
added 2020/11/19 10:15 p.m. | 18 views

Authentication flaw

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 with firmware 2.7 and older that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted...

CVSS 7.5 | AI score 9.4 | EPSS 0.03032
Exploits 0 | References 2 | Affected Software 1